Hi,
I'm trying to follow the documentation here to set up multi-port (http/https)
persistence, with LVS-DR:
1) http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.services.multi-port.html
2) http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.fwmark.html#e-commerce_fwmark
However, it doesn't make much sense to me.
First, 2), under "25.6.2. iptables for 2.4 director" mentions:
director:# iptables -t mangle -A PREROUTING -i eth1 -p tcp -s 0.0.0.0/0 -d 192.168.2.110/32 \
    --dport http -j MARK --set-mark 2
director:# iptables -t mangle -A PREROUTING -i eth1 -p tcp -s 0.0.0.0/0 -d 192.168.2.110/32 \
    --dport https -j MARK --set-mark 2
This would set the *same* mark 2 for ports 80 and 443.
Then, how will LVS distinguish between what needs to be sent where?
I.e. this snippet of ldirectord config:
virtual = 2
    protocol = fwm
    scheduler = wlc
    persistent = 300
    real = server1:80 gate 20
    real = server2:80 gate 20
    real = server3:80 gate 20
    real = server4:80 gate 20
    virtualhost = example.com
    request = "/ping/"
    receive = "ALIVE"
    service = http
will cause the traffic to be sent to port 80.
But it will also send there (to port 80) all traffic incoming to port 443,
since it has the same mark.
So:
- connections to port 80 will go to some realserver, port 80 (good)
- connections to port 443 will go to some realserver, port 80 (bad!)
Can you point out where my reasoning is incorrect, and how I should use LVS to make
sure traffic for 80/443 is always sent to the same real server?
--
Tomasz Chmielewski
http://blog.wpkg.org